CIA Triad in Cybersecurity

Questions and Answers

What is the primary goal of achieving confidentiality in data and information?

To prevent unauthorized disclosure, access, or use of data (correct)

To ensure data is available at all times

To maintain the integrity of data

To ensure authenticity of data

Where should data be secured to maintain confidentiality?

Only in local hard disk drives

In storage, in process, and when traversing a network (correct)

Only when data is being transmitted over the internet

Only in the cloud

What is the primary difference between HTTP and HTTPS?

HTTPS is faster than HTTP

HTTP is used for local networks, while HTTPS is used for the internet

HTTPS is used for transmitting large files, while HTTP is used for small files

HTTPS uses encryption to maintain confidentiality (correct)

What is the principle of least privilege?

Restricting access to data and information to only what is necessary

What is a potential threat to data in process?

Malware and buffer overflow attacks

What is the main purpose of access control methodologies?

To protect information from unauthorized disclosure, access, or theft

What is the primary concern when data is traversing a network?

Protecting data from unauthorized access or theft

What is the main goal of maintaining confidentiality in information security?

To prevent unauthorized disclosure, access, or use of data

What is the primary goal of the CIA Triad in Cybersecurity?

To ensure the confidentiality, integrity, and availability of sensitive data.

What is the definition of confidentiality in the context of the CIA Triad?

Preserving safeguards, access controls, and disclosures of sensitive data to ensure privacy.

What are the three primary principles in the CIA Triad?

Confidentiality, Integrity, and Availability.

Why is it important to incorporate the CIA Triad into your Cybersecurity mindset?

To demonstrate a security-focused mindset in Cybersecurity practices.

What is the purpose of the CIA Triad in Cybersecurity governance?

To ensure the three principles of the CIA Triad are addressed in Cybersecurity governance.

What is the relationship between the CIA Triad and security implementations?

The CIA Triad defines the overall goals and objectives of security implementations and practices.

What should organizations ensure about the CIA Triad in their Cybersecurity practices?

That the three principles of the CIA Triad are addressed in their Cybersecurity governance and practices.

What is the benefit of using the CIA Triad as guidelines for Cybersecurity-related practices?

It simplifies the primary goals and objectives of Cybersecurity for policy writers and system architects.

Study Notes

CIA Triad

• The CIA Triad is a fundamental concept in Cybersecurity that simplifies the primary goals and objectives of security implementations and practices.

Confidentiality

• Definition: Preserving safeguards, access controls, and disclosures of sensitive data to ensure privacy of personal and proprietary information from unintended parties.
• Simplified Concept: Only authorized individuals, processes, and systems should have access to information.
• Requirements for confidentiality:
  • Data-at-rest: Information stored in any form of storage must remain secured and confidential.
  • Data-in-process: Information being actively processed by a processing unit or placed in volatile memory must remain confidential.
  • Data-in-transit: Data traveling across networks must be encrypted to maintain confidentiality.

Principle of Least Privilege

• Definition: Access to data/information should be restricted to only the resources absolutely necessary to perform a job function.
• Users, accounts, and computing processes should only have the minimum access required to perform their job functions.

Description

Learn about the CIA Triad and its importance in understanding security vulnerabilities. This concept is crucial for cybersecurity practitioners to demonstrate a security-focused mindset.